
# 检查是否使用PAM认证模块禁止wheel组之外的用户su为root
sudo sed -i '1i\auth sufficient pam_rootok.so\nauth required pam_wheel.so group=wheel' /etc/pam.d/su
# 你可以把用户添加到wheel组，以使它可以使用su命令成为root用户。 添加方法为：usermod -G wheel sumz


# 新增sudo用户
USERNAME=sumz&&PASSWORD='123456'&&useradd $USERNAME&&echo $PASSWORD | passwd --stdin $USERNAME&&usermod -G wheel sumz


# 检查是否禁止root用户远程登录
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config_bak && sed -i 's/^#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config && service sshd reload


# 检查是否安装chkrootkit进行系统监测
# zip:wget ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz  rpm:yumdownloader gcc gcc-c++ make glibc-static libstdc++-devel cpp mpfr libmpc
unzip chkrootkit2.zip && cd chkrootkit && yum install *.rpm && tar zxvf chkrootkit.tar.gz && cd chkrootkit-0.58b && make sense && mv chkrootkit /usr/local/chkrootkit


# 检查是否配置远程日志功能
# yumdownloader syslog-ng libnet eventlog ivykis
# 服务区端
yum iinstall ./*.rpm && chkconfig rsyslog off; chkconfig syslog-ng on && service rsyslog stop;service syslog-ng start && mv /etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf_bak
echo '''@version:3.5
@include "scl.conf"

options {
        time-reap(30);
        mark-freq(10);
        keep-hostname(yes);
        };

source s_network {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

  
destination d_logs {    
  file("/home/sumz/syslog-ng/messages_${HOST}");
};
    
log {    
  source(s_network);    
  destination(d_logs);
};
''' > /etc/syslog-ng/syslog-ng.conf
systemctl reload syslog-ng.service
# 客户端
echo '*.* @@10.138.46.10:514' >> /etc/rsyslog.conf && systemctl restart rsyslog


# 检查安全事件日志配置
# rsyslog
echo '*.err;kern.debug;daemon.notice  /var/adm/msgs/syslog.log' >> /etc/rsyslog.conf && mkdir -p /var/adm/msgs/ &&  service rsyslog restart
# syslog-ng
echo '''
source s_local {
    system();
    internal();
};

filter f_msgs {
    level(err) or (facility(kern) and level(debug)) or (facility(daemon) and level(notice));
};

destination msgs {
    file("/var/adm/msgs/syslog.log");
};

log {
    source(s_local);
    filter(f_msgs);
    destination(msgs);
};
''' >> /etc/syslog-ng/syslog-ng.conf
 mkdir -p /home/sumz/msgs/ && systemctl reload syslog-ng.service


# 检查是否记录用户对设备的操作 yumdownloader psacct
cd /tmp && yum install psacct-6.6.1-13.el7.x86_64.rpm && mkdir /home/sumz/account && touch /home/sumz/account/pacct
echo '''
# Logrotate file for psacct RPM

#/var/account/pacct {
/home/sumz/account/pacct {
    compress
    delaycompress
    notifempty
    daily
    rotate 31
    create 0600 root root
    postrotate
       if /usr/bin/systemctl --quiet is-active psacct.service ; then
           /usr/sbin/accton /home/sumz/account/pacct | /usr/bin/grep -v "Turning on process accounting, file set to '/home/sumz/account/pacct'." | /usr/bin/cat
       fi
    endscript
}
''' > /etc/logrotate.d/psacct
echo '''
[Unit]
Description=Kernel process accounting
After=syslog.target
#ConditionPathExists=/var/account
ConditionPathExists=/home/sumz/account

[Service]
Type=oneshot
ExecStartPre=/usr/libexec/psacct/accton-create
#ExecStart=/usr/sbin/accton /var/account/pacct
ExecStart=/usr/sbin/accton /home/sumz/account/pacct
ExecStop=/usr/sbin/accton off
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
''' > /usr/lib/systemd/system/psacct.service
systemctl daemon-reload && service psacct restart

# 检查是否设置ssh登录前警告Banner
touch /etc/ssh_banner && chown bin:bin /etc/ssh_banner && chmod 644 /etc/ssh_banner && echo " Authorized only. All activity will be monitored and reported " > /etc/ssh_banner && echo 'Banner /etc/ssh_banner' >> /etc/ssh/sshd_config && service sshd reload

# 检查系统openssh安全配置
echo 'Protocol 2' >> /etc/ssh/sshd_config && systemctl  reload sshd

# 检查重要目录或文件权限设置 755
chmod 750 /etc/rc0.d/ && chmod 750 /etc/rc1.d/ && chmod 750 /etc/rc2.d/ && chmod 750 /etc/rc3.d/ && chmod 750 /etc/rc4.d/ && chmod 750 /etc/rc5.d/ && chmod 750 /etc/rc6.d/ && chmod 750 /etc/rc.d/init.d/